• Installing the Ranger Kafka Plug-in


    This section describes how to install and enable the Ranger Kafka plug-in.

    1. The Ranger Kafka plug-in is automatically installed when Kafka is installed. You can verify this plug-in is present by using the following command:

      rpm -qa | grep kafka-plugin
      ranger_2_4_2_0_258-kafka-plugin-0.5.0.2.4.2.0-258.el6.x86_64
    2. Navigate to /usr/hdp/<version>/ranger-kafka-plugin.

      cd /usr/hdp/<version>/ranger-kafka-plugin
    3. Edit the following entries in the install.properties file.

      Table 13.5. Properties to Edit in the install.properties File

      | Configuration Property Name | Description | Default/Example Value | Required? |
      |---|---|---|---|
      | Policy Admin Tool | | | |
      | COMPONENT_INSTALL_DIR_NAME | | /usr/hdp/2.4.2.0-258/kafka | Y |
      | POLICY_MGR_URL | URL for policy admin | http://<FQDN of ranger admin host>:6080 | Y |
      | REPOSITORY_NAME | The repository name used in Policy Admin Tool for defining policies | kafkadev | Y |
      | Audit Database | | | |
      | SQL_CONNECTOR_JAR | Path to the SQL connector jar of the DB flavor selected. The value should be the absolute path including the jar name. | /usr/share/java/mysql-connector-java.jar (default), /usr/share/java/postgresql.jar, /usr/share/java/sqljdbc4.jar, /usr/share/java/ojdbc6.jar | Y |
      | XAAUDIT.DB.IS_ENABLED | Enable or disable database audit logging. | FALSE (default), TRUE | Y |
      | XAAUDIT.DB.FLAVOUR | Specifies the type of database used for audit logging (MYSQL, ORACLE) | MYSQL (default) | Y |
      | XAAUDIT.DB.HOSTNAME | Hostname of the audit database server | localhost | Y |
      | XAAUDIT.DB.DATABASE_NAME | Audit database name | ranger_audit | Y |
      | XAAUDIT.DB.USER_NAME | Username used for performing audit log inserts (should be the same username used in the ranger-admin installation process) | rangerlogger | Y |
      | XAAUDIT.DB.PASSWORD | Database password associated with the above database user, for DB audit logging | rangerlogger | Y |
      | HDFS Audit | | | |
      | XAAUDIT.HDFS.IS_ENABLED | Flag to enable/disable HDFS audit logging. If HDFS audit logging is turned off, it will not log any access control to HDFS. | | Y |
      | XAAUDIT.HDFS.DESTINATION_DIRECTORY | HDFS directory where the audit log will be stored | hdfs://__REPLACE__NAME_NODE_HOST:8020/ (format) hdfs://namenode.mycompany.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd% | Y |
      | XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY | Local directory where the audit log will be saved for intermediate storage | hdfs://__REPLACE__NAME_NODE_HOST:8020/ (format) /var/log/%app-type%/audit | Y |
      | XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY | Local directory where the audit log will be archived after it is moved to HDFS | __REPLACE__LOG_DIR%app-type%/audit/archive (format) /var/log/%app-type%/audit/archive | Y |
      | XAAUDIT.HDFS.DESTINATION_FILE | HDFS audit file name (format) | %hostname%-audit.log (default) | Y |
      | XAAUDIT.HDFS.DESTINATION_FLUSH_INTERVAL_SECONDS | HDFS audit log file writes are flushed to HDFS at this regular flush interval | 900 | Y |
      | XAAUDIT.HDFS.DESTINATION_ROLLOVER_INTERVAL_SECONDS | The HDFS audit log file is rotated to write to a new file at the rollover interval specified here | 86400 | Y |
      | XAAUDIT.HDFS.DESTINATION_OPEN_RETRY_INTERVAL_SECONDS | If the HDFS audit log open() call fails, it is retried at this interval | 60 | Y |
      | XAAUDIT.HDFS.LOCAL_BUFFER_FILE | Local filename used to store the audit log (format) | %time:yyyyMMdd-HHmm.ss%.log (default) | Y |
      | XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS | Local audit log file writes are flushed to the filesystem at this regular flush interval | 60 | Y |
      | XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS | The local audit log file is rotated to write to a new file at the rollover interval specified here | 600 | Y |
      | XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT | The maximum number of local audit log files that will be kept in the archive directory | 10 | Y |
      | SSL Information (https connectivity to Policy Admin Tool) | | | |
      | SSL_KEYSTORE_FILE_PATH | Java keystore path where the SSL key for the plug-in is stored. Used only if SSL is enabled between Policy Admin Tool and the plug-in. If SSL is not enabled, leave the default value as it is; do not set it to EMPTY. | /etc/hadoop/conf/ranger-plugin-keystore.jks (default) | Only if SSL is enabled |
      | SSL_KEYSTORE_PASSWORD | Password associated with the SSL keystore. Used only if SSL is enabled between Policy Admin Tool and the plug-in. If SSL is not enabled, leave the default value as it is; do not set it to EMPTY. | none (default) | Only if SSL is enabled |
      | SSL_TRUSTSTORE_FILE_PATH | Java keystore path where the trusted certificates are stored for verifying the SSL connection to Policy Admin Tool. Used only if SSL is enabled between Policy Admin Tool and the plug-in. If SSL is not enabled, leave the default value as it is; do not set it to EMPTY. | /etc/hadoop/conf/ranger-plugin-truststore.jks (default) | Only if SSL is enabled |
      | SSL_TRUSTSTORE_PASSWORD | Password associated with the truststore file. Used only if SSL is enabled between Policy Admin Tool and the plug-in. If SSL is not enabled, leave the default value as it is; do not set it to EMPTY. | none (default) | Only if SSL is enabled |

    4. Enable the Kafka plug-in by running the following commands:

      export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64
      ./enable-kafka-plugin.sh
    5. Enter the following commands to stop/start the Kafka service.

      su kafka -c "/usr/hdp/current/kafka-broker/bin/kafka stop" 
      su kafka -c "/usr/hdp/current/kafka-broker/bin/kafka start"
      
    6. Create the default repo for Kafka with the proper configuration specifying the same repository name as in step 3.

    7. You can verify that the plug-in is communicating with Ranger admin via the Audit/plugins tab.

    8. If the plug-in is not able to communicate with Ranger admin, check the property authorizer.class.name in /usr/hdp/2.4.2.0-258/kafka/config/server.properties. The value of authorizer.class.name should be org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.
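
    The checks this procedure implies, as an added shell example (not Hortonworks or Ranger code): it reads install.properties and server.properties and reports required entries that are empty, SSL_* entries left empty, the example audit password left in place, a world-readable install.properties, and a wrong authorizer.class.name. The function names, the finding labels and the sample host ranger.example.com are assumptions made for illustration.

```shell
# Added example (not Ranger code); function names and finding labels are illustrative.
# Print the value of KEY ($2) from properties FILE ($1); the last assignment wins.
prop_get() {
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in the key are literal
  sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# One finding per line for install.properties ($1) and Kafka server.properties ($2).
check_ranger_kafka() {
  local props=$1 server=$2 k
  for k in COMPONENT_INSTALL_DIR_NAME POLICY_MGR_URL REPOSITORY_NAME; do
    [ -n "$(prop_get "$props" "$k")" ] || echo "MISSING $k"
  done
  # Per the table, SSL_* entries keep their defaults and are never left empty.
  for k in SSL_KEYSTORE_FILE_PATH SSL_KEYSTORE_PASSWORD SSL_TRUSTSTORE_FILE_PATH SSL_TRUSTSTORE_PASSWORD; do
    [ -n "$(prop_get "$props" "$k")" ] || echo "EMPTY $k"
  done
  case $(prop_get "$props" POLICY_MGR_URL) in
    https://*)  # assumption: the placeholder password "none" means SSL was never configured
      for k in SSL_KEYSTORE_PASSWORD SSL_TRUSTSTORE_PASSWORD; do
        [ "$(prop_get "$props" "$k")" != none ] || echo "SSL_DEFAULT $k"
      done ;;
    http://*) echo "PLAINTEXT POLICY_MGR_URL" ;;  # policies are fetched without TLS
  esac
  if [ "$(prop_get "$props" XAAUDIT.DB.IS_ENABLED | tr a-z A-Z)" = TRUE ] &&
     [ "$(prop_get "$props" XAAUDIT.DB.PASSWORD)" = rangerlogger ]; then
    echo "EXAMPLE_PASSWORD XAAUDIT.DB.PASSWORD"
  fi
  # install.properties holds the audit DB and keystore passwords in clear text.
  [ -z "$(find "$props" -maxdepth 0 -perm -004)" ] || echo "WORLD_READABLE $props"
  [ "$(prop_get "$server" authorizer.class.name)" = \
    org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer ] ||
    echo "AUTHORIZER authorizer.class.name"
}

# Constructed sample files (not from a real host) that trip five of the checks.
demo() {
  local d; d=$(mktemp -d)
  printf '%s\n' 'COMPONENT_INSTALL_DIR_NAME=/usr/hdp/2.4.2.0-258/kafka' \
    'POLICY_MGR_URL=http://ranger.example.com:6080' 'REPOSITORY_NAME=kafkadev' \
    'XAAUDIT.DB.IS_ENABLED=true' 'XAAUDIT.DB.PASSWORD=rangerlogger' \
    'SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks' \
    'SSL_KEYSTORE_PASSWORD=none' 'SSL_TRUSTSTORE_FILE_PATH=' \
    'SSL_TRUSTSTORE_PASSWORD=none' > "$d/install.properties"
  chmod 644 "$d/install.properties"
  printf 'listeners=PLAINTEXT://localhost:6667\n' > "$d/server.properties"
  check_ranger_kafka "$d/install.properties" "$d/server.properties"
  rm -rf "$d"
}
demo
```

    Point check_ranger_kafka at /usr/hdp/<version>/ranger-kafka-plugin/install.properties and the broker's server.properties; no output means none of the checks fired.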


    https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_installing_manually_book/content/installing_ranger_plugins.html

  • Original article: https://www.cnblogs.com/felixzh/p/10490274.html